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(5?) Abstract: In a network having a plurality of user terminals and a user authentication site, a method for autoenticating a user. 
A user terminal of the network receives a password from a user, and translates the password into an authentication encryption key 
for the user. The terminal generates a first random number, encrypts the first random number with the authentication encryption key 
tb provide a first encrypted message, and transmits the first encrypted message to the user authentication site. The user authentica- 
tion site decrypts the encrypted first message to provide the first random number, and generates a second random number, which is 
transmitted to the user terminal The user terminal combines and encrypts the first and second random numbers, with the authenti- 
cation encryption key, to provide a second encrypted message. The user tenninal transmits the second encrypted message to the user 
authentication site, which decrypts the encrypted second message to provide the combined first and second random numbers. The 
user authentication site verifies mat the first and second random numbers are correct, and authenticates the user in accordance with 
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NETWORK USER AUTHENTICATION PROTOCOL 

rimS5lRTCFirai^ TO RTCT , A TED APPLICATIONS 

This nonprovisional U.S. national application, filed tinder 35 U.S.C. 
5 §lll(a), claims, under 37 C.F.R. §1.78(a)(3), the benefit of the filing date of 
provisional U.S. national application no. 60/147,944, attorney docket no. SAR- 
13276P, filed on 08/06/99 t^der 35 ^ §lll(b), the entirety of which is 
incorporated herein by refer^ce/ auid the benefit of the filing date of 
provisional U.S. national sipi^ication no. 60/148,624, attorney docket no. 
10; SAR13431P, filed on 08/1^99jtinder 35 U.S.C. §lll(b), the eritii^ty of which is 
incorporated herein by reference. 

GOVEKNMFINT INTERESTS 
This invention was at least partially supported by U.S Army CECOM 
^tovernment Contract No. DAAB07-97 C:-D607. The government may have 
15 certain rights in this inventiah. 

BACk^j^ 

Field 4rfth^ 

The present invention relates to computer networks and, in particular, 
to systems and methods for authentication of users seeking access to the 
20 network. 

Description of the Related Art 

Computer networks are widely used. These include private networks 
such as local-area networks ("LANs"), wide-area networks CWANs"), and 
the Internet. The network consists of a variety of nodes, interconnected by 

25 transmission media. Some nodes may be terminals and/or personal 
computers ("PCs") by which a user gains access to the network. Other 
network nodes are functional units such as routers, servers, and the like. 
Various communications media are used to interconnect the nodes of a 
network, such as fiber-optic cables, Integrated Services Digital Network 

30 ("ISDN"), wireless links, and the like. As will be understood, various nodes 
of a networked computer system may be connected through a variety of 
communication media. 
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A given private network is typically maintained and operated by a 
specific company, where access to the networkis limited to authorized users. 
In order to limit access to authorized users, networks are often configured 
to "authenticate" a user attempting to access the network, to ensure that the 
5 user is an authorized user. The authentication procedure is thus designed 
to ensure that only authorized (authenticated)users are allowed to access the 
network. The simplest form of authentication reqinres a username o^ user 
ID, and password to gain access to a particular account. Authentication 
protocols can also be based on secretkey encryption or 
10 using digital signatures. In some networks, in order to maintain network 
access control, users are required to be periochcaUyr^-authenticated to retain 
: network access. The authentication process authenticates an authorized 
user. The outcome of the authentication can be said ^ to be successful if t^ 
' : user is successfully authenticated, i.e. authorized to access the networl. T^ 
15 authentication fails if the user is not granted authorization to access the 
network. 

Conventional authentication procedures/ however, may be subject to 
infiltration by unauthorized users, or other forms of "attack"; The attack may 
permit substitute or false information to be inserted into the network, or 
20 delivered from the network, or it may otherwise permit the unauthorized 
user to gain access to the network, further allowing them to perform a range 
of^^^ information resides in the memory of a 

network terminal, whether mobile, vnreless, or fixed/ it may be possible for 
an unauthorized user to attack the memory to acquire the authentication 
25 information, and thus access to the system. 

For example, in a network with mobile users (iie.; wireless* mobile 
terminals), there may be opportunity for user terminals to fall into 
unauthorized hands in which the terminal memory may be attacked. If the 
hacker acquires authentication information stored in the memory of the 
30 terminal, this may be used to gain unauthorized access of the network. Also, 
some networks and authentication procedures are vulnerable to so-called 
a man-in-the-middle ,, attacks. In this kind of an attack, an unauthorized user 
interferes with the initial public key exchange, by intercepting the very first 
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message to a new correspondent (e.g., from the terminal to some 
authentication server of the network) and substituting a bogus public key for 
the genuine public key. There is, therefore, a need for improved 
authentication systems and techniques which do riot suffer the foregoing 
5 disadvantages and problems. 

SUMMARY 

In a network having a plurality of user terminals and a user 
authentication of 
the network receives a passwordifrom a us^ 
10 ihto an ^^eriticiatioh encryption key fox" user ^ Th generates 
a first random number, encrypts the first 

authentication encryption key to provide a first enci^ted message, and 
transmits the first encrjrpted message to site; The 

user authentication site decrypts the ienciypted first message to provide the 
15 first random number, and generates a second random number, which is 
transmitted to the user terminal. The user tera 

the first a^ random numbers, with the authentication encryption 

key, top The user terminal transmits the 

second encrypted message to the user authentication site^ 

20 encrypted second message to provide the combined first and second random 
numbers. The user authentication site verifies that the first and second 
random numbers are correct, and authenticates the user in Accordance with 
this verification. 

BRIEF DESCRIPTION OF THE DRAWINGS 

25 These and other features, aspects, and advantages of the present 

invention will become more fully apparent from the following description, 
appended claims, and accompanying drawings in which: : 

Fig. lis a block diagram of a computer network in accordance with an 
embodiment of the present invention; and 

30 Fig. 2 is a flow chart illustrating the authentication protocol of the 

network of Fig. 1, in accordance with an embodiment of the~ present 
invention. 
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DESCRIPTION OF THE FRkfj ^kRTTI EMBODIMENT 

The present invention provides an authentication protocol designed to 
prevent unauthorized entities from gaining access to the network either by 
obtaining authentication information through communications attack or by 
5 gaining access to a network terminal. In the present invention, only 
information personally retained by an authorized user may be used for 
: authentication. No authentication information resides; in any user's 
terminal, thereby minimizing the risk of an .unauthdrized^fUiserv gaining 
• : access through a terinmal^ mobile termLiiaL In addition, the 

10 authenticatibn protocol of the present invention man-iii- 
the-middle attack. 

Referring now to Fig:--lv^hereis shown a block diagram of a computer 
network system 100 in accordance with an embodiment of the present 
^invention/ Network 100 includes a user iterniinal 110, and a user: 
15 authentication site 120; ihterc transmission 
channel 125, which may be; a LAN, fiber opti^ digital 
communications means. User terminal 110 may Ire a PC at a fixed location, 
a remote PC connected to authentication site 120 by a telephone or other link; 
or a mobile unit connected by ; a wireless link. Terminal 110 contains a 
20 processor (GPU 111) and memory ^112. Userauthehtication site 120 may be a 
server or other dedicated piece of hardware* a PC, or even a site manned by 
human operators. There may be more than one authentication site in 
network 100. 

Each authorized user of network 100 is assigned a unique password* 
25 and an authentication encryption and decryption key pair. A given user's 
authentication encryption key is the outcome of applying a specified 
encryption-key generation algorithm to the user's password. The user's 
authentication decryption key is the key that can decrypt messages encrypted 
using the user's authentication encryption key . These keys are used only for 
30 authentication and no other purpose, such as data encryption/decryption. 
Only the user authenticatibn site(s) 120 stores the user's authentication 
encryption and decryption keys, password, and other information about the 
user, such as the user's security clearance, authori the network 
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(access authority). No user terminal stores the user's encryption or 
decryption keys, or the user's password (except for temporarily storing the 
user's password and authentication encryption key during the 
authentication process). 
5 In some embodiments, each user may also have a Smart Card with 

personal information pre-encrypted with the user's individual authentication 
encryption key; Each user ':^y:-alsp"lmye^ealth sensors mounted on his 
body, for additional security. -." 
Each us^r teraMnal; : sue 

10 tra^ 

example, user terming ill and the above-rQentioned 

V encryption-key generation algorithm; 110 also has the ability 

to generate random numbers, and to encrypt a given message with the user's 
individual authentication enciyp Thus, if the user provides a 

15 password to terminal 110, terminal 110 can run the encryption-key 
generati as input, to generate the user's 

authentication encryption key. It can then generate a random number and 
use the authentication encryption key to encrypt the random number, to 
provide an enarypted random number (which is also a random number). 

20 The password- random number, authentication encryption key, encrypted 
messages, and received messages; can be stored byterminal 110 temporarily 
in memory 112; In some embodiments, a terminal 110 can be equipped with 
sensors to read and transmit the user^s Smart Card information, health 
sensors, and/or ah iris recognition device, for additional security. 

25 Referring now to Fig. 2, there is shown a flow chart illustrating the 

network user authentication protocol method 200 of network 100, in 
accordance with ah embodiment of the present inventi First, a user 
initiates access of a user terminal 110 (step 201). Alternatively, if a user has 
been using a given terminal 110 for some time, after a timeout, 

30 authentication site 120 notifies user terminal 110 to re-authenticate the user 
(step 203). Terminal 110 then notifies title user to enter a user ID and 
password, for example within a given time period (step 205). In the case of 
re-authentication, step 205 may involve issuing an Authentication Warning 
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to the user, which may be in the form of a visual, auditory, or skin sensation 
message; Also, in the case of re-authentication in which the user is 
currently engaged in a session, the terminal 110 may still have user ID 
stored, in which case it heed only prompt the user for the password. 

5 The user presumably will only have a password if he is -an authorized 

user. In this case, the authorized user enters his user ID and password (step 
207), within i specified timeout period if this is required in step 205. 

r Terminal 110 then generates the^ encryption key by 

S^^MisIating ; the ipass word into tWs 1^ 

10 : algorithm (209); possess or ^en Idiow his 

^luthenticatioh encryption key, but phly l^ 

Terminal 110 also generates ?& first random number (step 211), and 
then encrypts this random number using the user's authentication 
encryption fey (s^ then notifies the user 

15 authentication isite 120 of the user's identity and transmits the encrypted 
random number to user authentication site 120 (step 215), In an 
embodiment, the authentication site is notified of the user's identity by 

y ; transmitting the user ID to the authenticationsite. The user ID is preferably 
first encrypted with the user's authentication encryption key and then the 

20 encrypted ID is transmitted to authentication site 120. Authentication site 
: 120 can then exhaustively decrypt the received encrypted message, with every 
possible authentication decryption key, until there is produced a user ID 
which matches a valid user ID of the network (and which also matches the 
user ID of the decryption key used to successfully decrypt the message). 

25 Thus, once authentication site 120 has succelssfully decrypted the user ID 
message, it knows the user ID and thus which authentication decryption key 
to use to decrypt subsequent encrypted messages transmitted during the 
authentication process. In an embodiment, the user terminal 10 ID is also 
encrypted and transmitted to authentication site 120 along with the user ID. 

30 In the case of re-authentication, the enciypting and sending of the user ID 
can be skipped; or, for convenience and simplicity, it can still be transmitted, 
but the authentication site 120 can in this case simply use the already- 
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determined decryption key to decrypt the encrypted user ID, rather than 
perform an exhaustive decryption. 

After decrypting the encrypted user ID message, authentication site 
120 receives the encrypted first random number. User authentication site 120 
5 decrypts this message with the particular user's authentication decryption 
key, to provide the original first random number (step 217). User 
authentication site 120 then; generates a second random number, and 
transmits it to user" terminal 110 (step 219). In an alternative embodiment, 
an encrypted version of the second random number is transmitted to user 
10 termmal 110, in which a second eh^ utilized. 

At this point in time, user authentication site 120 knows the identity of 
^iie user and/or his password, that user's authentication 
encryption/decryption keys (or at least the decryption key), and the first and 
^ second random numbers. T^e us^r tennm 110 only temporarily, during 
1 5 the authentication process, stores the user's password and authentication 
encryption key. 

v After receiving the second random number from authentication site 
120- the user's terminal 110 combines and encrypts both random numbers 
with^ t^ user's authentication encryption key and transmits this message to 

20 the user authentication site (step 221). The two random numbers may be 
combined in a variety of specified ways, e.g. adding, subtracting, 
multiplying, concatenating strings, and so forth, so long as the technique 
used by user terminal 110 is known to user authentication site 120. The 
combining technique used is preferably set apriori and specified as part of the 

25 authentication protocol of the present invention. 

The user authentication site 120 thus receives an encrypted message, 
which is an encrypted version of the combined two random numbers, and 
decrypts this message using the user's authentication decryption key. 
Authentication site 120 then verifies that both random numbers are correct. 

30 If so, there has been no man-in-the-middle attack. At this point, 
authentication site 120 knows the identify of the user attempting to gain 
access. If the user's identify and access authority permit network access, 
authentication site 120 authenticates the user by transmittingthe appropriate 
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authentication message to terminal 110 and allowing network resources to 
be used by the user from user terminal 110, in accordance with the user's 
level of access authority (step 223). If the user is a new user, he is 
authenticated, or denied access if the authentication .fails. In the case of re- 

5 authentication, the user is re-authenticated, or authentication is withdrawn 
if the authentication fails. 

In an alternative embodiment, user authentic may also 

query user terminal 110 for Smart Card information, the status of the user's 
health, and/or iris recognition; iiifprmation. This information may be used 

10 for additional security ^^authentication site 120, in step 223, in verifying the 
user's identity and ability to conduct a terminal session; Whether 
authentication fails or is successful, the user terminal 110 in both cases 
erases the user's password arid authentication encryption key from its 
memory 112 immediately after the authentication proceiss is completed (step 

15 225): 

As will be understood, the term^user" as used herein refers to a person 
either attempting to gain access, or already having access, to the network 100 
via a user terminal 110. Thus a prospective user as well as one already 
authorized by an authentication process is a user. 
20 In an embodiment, health sensors are also provided. If at any time 

during a session user terminal 110 detects that the user is unable to conduct 
a terminal session, based on status from the health sensors, this information 
is transmitted to the user authentication site 120 arid the latter withdraws 
authentication. 

25 As will be appreciated, the authentication protocol of the present 

invention is not vulnerable to a man-in- the-middle attack. Further, 
authentication data security is attained by not permitting individual 
authentication information to reside on any user terminal 110. Limiting user 
authentication information to the user authentication site 120 attains user 

30 security. Further, having user authentication site 120 control access to user 
terminal 110 attains terminal access and security. 

It will be understood that various changes in the details, materials, 
and arrangements of the parts which have been described and illustrated 
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above in order to explain the nature of this invention may be made by those 
skilled in the art without departing from the principle and scope of the 
invention as recited in the following claims. 
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What is claimed is: 

1. In a network (100) having a plurality of user terminals (110) and a 
user authentication site (120), a method (200) for authenticating a user, 
comprising the steps of: 

5 (a) receiving (207), at a user terminal (110) of the network (100), a 

password from a user; 

(b) translating (209) the password into an authentication encryption 

key for t^e ;tise 

(c) using (211-225) the authentication encr^tion key to authenticate the 
10 user with the user authentication site ( 120). 

2. The method of claim 1, wherein step (c) comprises the steps of: : 

(1) generating (211), with the user terminal, a first random 
number; 

15 (2) ehciypting (213) the first random number with ^^eh 

authentication encryption key to 

message arid transmitting (215) the first encrypted V 
message from the uisef terminal to the user 
authentication site; 

20 (3) decrypting (217), at the user authentication site, the 

encrypted first message to provide the first random 
number; 

(4) generating (219), with the user authentication site, a second 

random number and transmitting the second random 
25 number to the user terminal; 

(5) combining and encrypting (22 1), with the user terminal, the 

first and second random numbers to provide a second 
encrypted message and transmitting the second 
encrypted message from the user terminal to the user 
30 authentication site; 

(6) decrypting (223), at the user authentication site, the 

encrypted second message to provide the combined first 
and second random numbers; 
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(7) verifying (223) that the first and second random numbers are 

correct; and 

(8) authenticating (223) the user in accordance with said 

verification. 

5 . - • . ' ' v 

3. The method of claim 2, comprising the further step of erasing (225) 

from the user terminal the password after the user authentication, whether; 
the authentication is successful or not. 

4. The method of claim 2, wherein: 

10 step (a) comprises ^ furtiier step of receiving (207)), at the user 

terminal, a user ID from the user; 
step (c)(2) cpmpr^es the further step of encrypting the user ID with the 
authentication encryption key to provide an encrypted user ID 
message and ^ ti-^simirting (215) the encrypted use ID message 

!5 from the user terminal to the user authentication site; and 

step (cX3) comprises the further step of decrypting, at the user 
•authentication site, the encrypted user ID message with valid 
authentication decryption keys until a decrypted user ID is 
produced which niatches a valid user ID of the network, step 

20 (c)(3) further comprising the step of decrypting the encrypted 

first message with the authentication decryption key used to 
successfully decrypt the encrypted user ID message, to provide 
the first random number. 

25 5. The method of claim 2, wherein step (c)(8) comprises the step of 

authenticating (223) the user if the first and second numbers are correct and 
if the user has authority to access the network. 

6. The method of claim 2, further comprising the steps of reading, 
30 with a health sensor, the user's health status, transmitting said health 
status to the user authentication site, and authenticating the user in 
accordance with said health status and said verification of step (c)(7). 
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7. The method of claim 2, further comprising the steps of querying, 
with the authentication site, the user terminal to read user information from 
a user smart card and authenticating the user in accordance with said user 
information and said verification of step (c)(7). 

5 . . - ■ . , ' .-" -/:y: : :- " ■ : ; - : : \ 

8. The method of claim 1, wherein step (a) comprises the steps of: : 
notifying (205) the user, with the terminal, to enter a i^er ID ind the 

password when one of (1) a new user initiates ^ access of the 
terminal and (2) the authenticatibh site notifies (203) the 
10 terminal when being used to rerauthenticate after a time-put; 

and ... .' . '''v : :- ' : \ ' /:: v ; " :" 

receiving, at the user terminal, the user ID from the user. 

9. In a network (100) having a plurality of user terminals; (110), a 
15 method for enci^ti steps of: 

(a) receiving (207), at a user terminal (110) of the network (100), a 

network password from a user; 

(b) tr anslatiiig (209), with an encryption-key generation iaigorithm j the 

password into an authentication encryption key for the user ; 

20 



(c) using the authentication encryption key to encrypt (213) data to 
provide an encrypted message. 
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TERMINAL COMBINES AND ENCRYPTS BOTH RANDOM NUMBERS 
WITH USER AUTHENTICATION ENCRYPTION KEY AND TRANSMITS 
ENCRYPTED MESSAGE TO USER AUTHENTICATION SITE 
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USER AUTHENTICATION SITE DECRYPTS MESSAGE USING USER 
AUTHENTICATION DECRYPTION KEY, VERIFIES THAT BOTH RANDOM 
NUMBERS ARE CORRECT, VERIFIES USER'S IDENTITY AND ACCESS 
AUTHORITY AND AUTHENTICATES USER IF SO 



TERMINAL ERASES USER'S PASSWORD AND USER 
AUTHENTICATION ENCRYPTION KEY FROM ITS MEMORY 
WHETHER OR NOT AUTHENTICATION IS SUCCESSFUL 
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